2014-04-29 17:15 GMT+02:00 Alexander Larsson <alexl@xxxxxxxxxx>:
On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote:This is gonna conflict a bit with docker, and other users of network
> = Proposed System Wide Change: Default Local DNS Resolver =
> https://fedoraproject.org/wiki/Changes/Default_Local_DNS_Resolver
> To install a local DNS resolver trusted for the DNSSEC validation running on
> 127.0.0.1:53. This must be the only name server entry in /etc/resolv.conf.
namespaces, like systemd-nspawn. When docker runs, it picks up the
current /etc/resolv.conf and puts it in the container, but the container
itself runs in a network namespace, so it gets its own loopback device.
This will mean 127.0.0.1:53 points to the container itself, not the
host, so dns resolving in the container will not work.
Good point; would it be fair to treat this as a blocker?
(This also assumes that the docker containers will use the same security policy as the host; i.e. that they will be administered by the same entity, no "docker hosting" businesses.)
Mirek
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
